Links Page
Posted in General, Informational on October 24th, 2006 by Christopher Kusek (PKGuild)
New registry entry for controlling the TCP Acknowledgment (ACK) behavior in Windows XP and in Windows Server 2003
http://support.microsoft.com/kb/328890
AQADMCLI
delmsg flags=SENDER,sender=postmaster@domain.com
http://blog.sapien.com/current/2006/11/28/command-line-one-liners.html
Cisco VPN PCF Decoder
Open the PCF file in Notepad, copy the text after enc_GroupPwd= and go to the following website:
http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode
Copy and paste the encrypted value into that page and VOILA! The clear-text password is generated.
Real Estate valuation websites.
Realestateabc.com
Domania.com
Zillow.com
Reviews of 15 security podcasts at
http://www.owasp.org/index.php/Reviews_of_security_podcasts
List of security podcasts
http://realtime-voip.typepad.com/voipcommunity/2006/09/it_security_pod.html
I would say that off the top of my head a list of 10 very popular [keyword *remote], non database related vulns would be:
1. Cross-site scripting
2. Remote File Includes
3. HTML and script code injection
4. Directory traversals
5. Authentication bypass
6. Remote command/code execution
7. DoS - usually via memory corruption (failed overflows against differing SPs or hotfixes), resource exhaustion, sometimes a cool race condition or something.
8. Buffer overflows (heap/stack/format string)
9. Privilege escalation
10. Information disclosures (arbitrary read and sometimes write vulns [different class]. Often coupled with dir traversal)
Besides OWASP Top Ten there is also WASC (Web Application Security Consortium) threat classification: http://www.webappsec.org/projects/threat/
I was interviewed here about the Kindle
http://news.medill.northwestern.edu/chicago/news.aspx?id=92537
